"""
Case Type   : 防篡改
Case Name   : 账本数据库基础语法适配(DDL/DML)--没有防篡改schema，归档用户历史表
Create At   : 2022-02-28
Owner       : lwx1080719
Description :
    1.查询三权分立参数enableSeparationOfDuty
    2.创建不同权限用户
    3.不同权限用户登录数据库归档用户历史表
    4.清理环境
Expect      :
    1.显示默认值off
    2.成功
    3.系统管理员和审计管理员会报错'schema "ledgernsp" does not exist',
    其他用户报错'Permission denied'
    4.成功
History     : 
"""




import os
import unittest
from yat.test import Node
from yat.test import macro
from testcase.utils.Constant import Constant
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Common import Common
from testcase.utils.Logger import Logger


class ModifyCase(unittest.TestCase):
    def setUp(self):
        self.logger = Logger()
        self.logger.info(f'-----{os.path.basename(__file__)} start-----')
        self.dbuserNode = Node('PrimaryDbUser')
        self.primary_sh = CommonSH('PrimaryDbUser')
        self.Constant = Constant()
        self.Common = Common()
        self.user_name = 'u_security_tamper_proof'
        self.user_privileges = {f'{self.user_name}_sys': 'sysadmin',
                                f'{self.user_name}_create': 'createrole',
                                f'{self.user_name}_audit': 'auditadmin',
                                f'{self.user_name}_noruser': '',
                                f'{self.user_name}_independent': 'independent',
                                f'{self.user_name}_mon': 'monadmin',
                                f'{self.user_name}_opr': 'opradmin',
                                f'{self.user_name}_pol': 'poladmin',
                                f'{self.user_name}_persistent': 'persistence'}
        self.default_value = self.Common.show_param('enableSeparationOfDuty')

    def test_security(self):
        text = '----step1:查询三权分立参数enableSeparationOfDuty值  ' \
               'expect:默认值off----'
        self.logger.info(text)
        self.assertEqual("off", self.default_value, "执行失败:" + text)

        text = '----step2:创建不同权限用户 expect:成功----'
        self.logger.info(text)
        for user, privilege in self.user_privileges.items():
            create_cmd = f"drop user if exists {user} cascade; " \
                f"create user {user} {privilege} " \
                f"password '{macro.PASSWD_REPLACE}' ; "
            msg = self.primary_sh.execut_db_sql(create_cmd)
            self.logger.info(msg)
            self.assertIn(self.Constant.DROP_ROLE_SUCCESS_MSG and
                          self.Constant.CREATE_ROLE_SUCCESS_MSG, msg,
                          '执行失败:' + text)

        text = '----step3:不同权限用户登录数据库归档用户历史表' \
               ' expect:系统管理员和审计管理员会报错schema不存在,' \
               '其他用户会报权限拒绝----'
        self.logger.info(text)
        sql_cmd = f'''select pg_catalog.ledger_hist_archive
                    ('ledgernsp', 'studentsclass');'''
        self.logger.info(sql_cmd)
        for user in self.user_privileges.keys():
            msg = self.primary_sh.execut_db_sql(
                sql_cmd, sql_type=f' -U {user} -W {macro.PASSWD_REPLACE}')
            self.logger.info(msg)
            if user in {f'{self.user_name}_sys',f'{self.user_name}_audit'}:
                self.assertIn(f'schema "ledgernsp" does not exist', msg,
                              "执行失败:" + text)
            else:
                self.assertIn(self.Constant.PERMISSION_DENY_MSG, msg,
                              "执行失败:" + text)

    def tearDown(self):
        text = '----step4:清理环境 expect:成功----'
        self.logger.info(text)
        drop_msg = []
        for user in self.user_privileges.keys():
            drop_cmd = f"drop user if exists {user} cascade; "
            msg = self.primary_sh.execut_db_sql(drop_cmd)
            self.logger.info(msg)
            drop_msg.append(msg)
        self.assertEqual(9,
                         drop_msg.count(self.Constant.DROP_ROLE_SUCCESS_MSG),
                         '执行失败:' + text)
        self.logger.info(f'-----{os.path.basename(__file__)} end-----')
